ALPHV Brings MGM Resorts to a Halt in Ten Minutes
In a recent cyber incident that has shaken the operations of MGM Resorts, the ALPHV/BlackCat ransomware group has emerged as the main culprit. This unanticipated breach originated from an unusual source, LinkedIn, raising questions about the vulnerabilities associated with professional networking platforms. Read more
3AM Ransomware Threat Actor Deploys Bitwise Spider in the Wild
A novel strain of ransomware known as “3AM” has surfaced, marking its presence in the cybersecurity landscape. This malware variant made its debut after being identified in a single security incident, during which an unidentified affiliate turned to 3AM following an unsuccessful attempt to deploy the Bitwise Spider AKA LockBit ransomware in a targeted network. Read more
New Phishing Campaign Targets Corporations Through Microsoft Teams Messages
Microsoft has issued a warning regarding a new phishing campaign orchestrated by an initial access broker, which involves exploiting Microsoft Teams messages as bait to breach corporate networks. This campaign, dubbed Storm-0324 (also known as TA543 and Sagrid), marks a departure from the traditional… Read more
Critical GitHub Flaw Puts Over 4,000 Repositories at Risk of Repojacking
In a recent revelation concerning GitHub, a significant vulnerability has come to light, potentially placing thousands of repositories in danger of repojacking attacks. This security flaw centers around the exploitation of a race condition within GitHub’s processes related to repository creation and username renaming. This vulnerability, if successfully leveraged, carries severe implications for… Read more
Redfly Group Compromised National Grid by Deploying ShadowPad Malware
A threat actor known as Redfly has been identified in connection with a breach of the national grid of an unspecified Asian nation. The intrusion is reported to have lasted up to six months earlier this year and was carried out using the ShadowPad malware. According to the Symantec Threat Hunter Team, which is a division of Broadcom, Redfly successfully exfiltrated credentials and compromised multiple… Read more
MetaStealer Malware Strikes macOS Devices in Recent Campaign
A recently discovered malware strain, known as MetaStealer, has emerged as a significant threat to Apple macOS users. This development adds to the growing roster of malware families targeting the macOS ecosystem, joining the ranks of Stealer, Pureland, Atomic Stealer, and Realst. According to insights provided by cybersecurity experts, MetaStealer is strategically employed by threat actors who actively target… Read more
Charming Kitten Uses ‘Sponsor’ Backdoor to Target Brazil, Israel, and U.A.E.
The Iranian threat actor known as Charming Kitten has resurfaced, launching a fresh wave of attacks with a focus on Brazil, Israel, and the United Arab Emirates (U.A.E.). This campaign has been associated with the deployment of a previously undisclosed backdoor, known as “Sponsor.” The campaign is being meticulously monitored by Slovak cybersecurity experts, who have aptly dubbed it “Ballistic Bobcat.” An analysis of victimology patterns indicates that… Read more
PowerShell-Based Attacks Target Windows Systems to Extract NTLMv2 Hashes
Hackers are exploiting a PowerShell script associated with a legitimate red teaming tool to extract NTLMv2 hashes from compromised Windows systems. The operation, dubbed “Steal-It” by Zscaler ThreatLabz, has primarily targeted systems in Australia, Poland, and Belgium. In this scheme, threat actors employ customized versions of Nishang’s Start-CaptureServer PowerShell script. They execute various system commands and exfiltrate the stolen data via… Read more
HijackLoader Modular Malware Loader Uses Code Injection and Evades Detection
A new malware loader named HijackLoader is being utilized as a delivery mechanism for various malicious payloads, including DanaBot, SystemBC, and RedLine Stealer. HijackLoader’s uniqueness lies in its modular architecture, enabling it to employ multiple modules for code injection and execution, a feature uncommon among most loaders. Despite its lack of advanced features… Read more
Crypto-Miners Exploit Legitimate Advanced Installer Tool in Cyberattacks
Advanced Installer, a legitimate Windows tool commonly used for software packaging, has been exploited by malicious actors to distribute cryptocurrency-mining malware since November 2021. This abuse involves packaging genuine software installers, including applications like Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts. The malefactors then employ Advanced Installer’s Custom Actions feature to… Read more